Subject: nginx web server configuration file for Suprema BioStar 2 Door Access System
Good day from Singapore, On 7 Mar 2024 Thursday, I was installing NEW self-signed SSL certificate for Suprema BioStar 2 door access system version 2.7.12.39 for a law firm in Singapore because the common name (CN) in the existing SSL certificate was pointing to the WRONG private IPv4 address 192.168.0.149. I have referred to the following Suprema technical support guide to install new self-signed SSL certificate for the door access system. Article: [BioStar 2] How to Apply a Private Certificate for HTTPS Link: https://support.supremainc.com/en/support/solutions/articles/24000005211--biostar-2-how-to-apply-a-private-certificate-for-https The server certificate/public key (biostar_cert.crt), private key (biostar_cert.key), PKCS12 file (biostar_cert.p12) and Java Keystore (keystore.jks) are all located inside the folder C:\Program Files\BioStar 2(x64)\nginx\conf Looking at the above directory pathname, it is apparent that the South Korean Suprema BioStar 2 door access system is using the open source nginx web server. But why are ssl_certificate and ssl_certificate_key directives NOT configured for the HTTPS section in the nginx configuration file? The entire HTTPS section was also commented out. I am baffled. Why is there a Java Keystore (keystore.jks)? Is nginx web server being used in conjunction with some type of open source Java web server? Looking forward to your reply. Thank you. I shall reproduce the nginx web server configuration file for the Suprema BioStar 2 door access system below for your reference. nginx.conf is inside C:\Program Files\BioStar 2(x64)\nginx\conf <CODE> #user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # Swagger document location location /biostar { root html; } # Report document location location /report { root html; } # FASTCGI location location /api { fastcgi_pass 127.0.0.1:9000; fastcgi_read_timeout 300; include fastcgi_params; } # WEBSOCKET location location /wsapi { proxy_pass http://127.0.0.1:9002; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /webdav { autoindex on; alias html/download; client_body_temp_path html/download; dav_methods PUT DELETE MKCOL COPY MOVE; create_full_put_path on; client_body_in_file_only on; client_body_buffer_size 128K; client_max_body_size 1000M; dav_access user:rw group:rw all:r; } location /resources { root html; autoindex on; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443; # server_name localhost; # ssl on; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_timeout 5m; # ssl_protocols SSLv2 SSLv3 TLSv1; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} } </CODE> Regards, Mr. Turritopsis Dohrnii Teo En Ming Targeted Individual in Singapore Blogs: https://tdtemcerts.blogspot.com https://tdtemcerts.wordpress.com GIMP also stands for Government-Induced Medical Problems. _______________________________________________ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx
